Commit 501664d4 authored by Alice Salsé's avatar Alice Salsé

test grant (a tester)

parent 4ef227af
......@@ -14,4 +14,4 @@ done
psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname} -f sql/create_index.sql
python python/qgs_field_definition.py $schemaname
echo Grant roles
psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname} -f sql/grant_tables_roles.sql
psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname} schematype=${schematype} -f sql/grant_tables_roles.sql
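Review bot: The new `psql` call passes `schematype=${schematype}` without its own `-v`, so psql sees it as a stray positional argument rather than a variable assignment; with `-d` and `-U` already given it is dropped, and `-q` hides the warning. The same applies to `schematype=network` in the second script. As far as I can tell `:'schematype'` then stays unsubstituted in `grant_tables_roles.sql`, the `SET tmpvar.schematype` statement fails, and the DO block runs with a NULL type, which revokes everything from `editeur_nw` and `editeur_events` and grants nothing back. Write it as `-v schemaname="${schemaname}" -v schematype="${schematype}"`, and consider `-v ON_ERROR_STOP=1` so a failed grant script stops the run instead of passing unnoticed.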
......@@ -15,4 +15,4 @@ psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${scheman
psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname} -f sql/create_index.sql
python python/qgs_field_definition.py $schemaname
echo Grant roles
psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname} -f sql/grant_tables_roles.sql
psql -h ${host} -d ${dbname} -U ${user} -p ${port} -b -q -v schemaname=${schemaname} schematype=network -f sql/grant_tables_roles.sql
......@@ -6,10 +6,12 @@ GRANT ALL ON DATABASE :DBNAME TO administrateur;
GRANT CONNECT,TEMP ON DATABASE :DBNAME TO editeur,viewer;
SET tmpvar.schemaname TO :'schemaname';
SET tmpvar.schematype TO :'schematype';
-->> FONCTION QUI ACTIVE LES DROITS ADEQUATS SUR CHAQUE TABLE EXISTANTE
DO $$
DECLARE
_schema text := current_setting('tmpvar.schemaname', true);
_schtype text := current_setting('tmpvar.schematype', true);
schms CURSOR FOR
SELECT nspname FROM pg_namespace
where nspname not in ('public', 'information_schema')
......@@ -27,12 +29,12 @@ BEGIN
EXECUTE 'GRANT USAGE ON SCHEMA '||s.nspname||' TO editeur, viewer;';
--TABLES PRIVILEGES
----REVOKE admin+editeur+viewer
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON TABLES FROM administrateur, editeur, viewer;';
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON FUNCTIONS FROM administrateur, editeur, viewer;';
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON SEQUENCES FROM administrateur, editeur, viewer;';
EXECUTE 'REVOKE ALL ON ALL TABLES IN SCHEMA '||s.nspname||' FROM administrateur, editeur, viewer;';
EXECUTE 'REVOKE ALL ON ALL FUNCTIONS IN SCHEMA '||s.nspname||' FROM administrateur, editeur, viewer;';
EXECUTE 'REVOKE ALL ON ALL SEQUENCES IN SCHEMA '||s.nspname||' FROM administrateur, editeur, viewer;';
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON TABLES FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON FUNCTIONS FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' REVOKE ALL ON SEQUENCES FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
EXECUTE 'REVOKE ALL ON ALL TABLES IN SCHEMA '||s.nspname||' FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
EXECUTE 'REVOKE ALL ON ALL FUNCTIONS IN SCHEMA '||s.nspname||' FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
EXECUTE 'REVOKE ALL ON ALL SEQUENCES IN SCHEMA '||s.nspname||' FROM administrateur, editeur, editeur_nw, editeur_events, viewer;';
----GRANT admin
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT ALL ON TABLES TO administrateur WITH GRANT OPTION;';
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT ALL ON FUNCTIONS TO administrateur WITH GRANT OPTION;';
......@@ -52,11 +54,36 @@ BEGIN
----GRANT viewer
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT SELECT ON TABLES TO viewer;';
EXECUTE 'GRANT SELECT ON ALL TABLES IN SCHEMA '||s.nspname||' TO viewer;';
-- IF SCHEMA TYPE network
if _schtype = 'network' then
----GRANT editeur_nw
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT INSERT, SELECT, UPDATE, DELETE ON TABLES TO editeur_nw;';
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT EXECUTE ON FUNCTIONS TO editeur_nw;';
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT USAGE ON SEQUENCES TO editeur_nw;';
EXECUTE 'GRANT INSERT, SELECT, UPDATE, DELETE ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur_nw;';
EXECUTE 'GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA '||s.nspname||' TO editeur_nw;';
EXECUTE 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA '||s.nspname||' TO editeur_nw;';
----GRANT editeur_events
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT SELECT ON TABLES TO editeur_events;';
EXECUTE 'GRANT SELECT ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur_events;';
-- IF SCHEMA TYPE events
elsif _schtype = 'events' then
----GRANT editeur_events
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT INSERT, SELECT, UPDATE, DELETE ON TABLES TO editeur_events;';
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT EXECUTE ON FUNCTIONS TO editeur_events;';
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT USAGE ON SEQUENCES TO editeur_events;';
EXECUTE 'GRANT INSERT, SELECT, UPDATE, DELETE ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur_events;';
EXECUTE 'GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA '||s.nspname||' TO editeur_events;';
EXECUTE 'GRANT USAGE ON ALL SEQUENCES IN SCHEMA '||s.nspname||' TO editeur_events;';
----GRANT editeur_nw
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT SELECT ON TABLES TO editeur_nw;';
EXECUTE 'GRANT SELECT ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur_nw;';
end if;
end if;
if s.nspname in (_schema||'_vl', 'config', 'fdp') then
----GRANT viewer
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT SELECT ON TABLES TO editeur,viewer;';
EXECUTE 'GRANT SELECT ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur,viewer;';
----GRANT editeur+viewer
EXECUTE 'ALTER DEFAULT PRIVILEGES IN SCHEMA '||s.nspname||' GRANT SELECT ON TABLES TO editeur, editeur_nw, editeur_events, viewer;';
EXECUTE 'GRANT SELECT ON ALL TABLES IN SCHEMA '||s.nspname||' TO editeur, editeur_nw, editeur_events, viewer;';
end if;
END LOOP;
END$$;
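Review bot: Every new `EXECUTE` for `editeur_nw` and `editeur_events` splices `s.nspname` into the statement by plain concatenation, so a schema name that needs quoting (mixed case, spaces, punctuation) is parsed as SQL text in a script that runs with grant rights. Build the statements with `format` and `%I`, for example `EXECUTE format('GRANT SELECT ON ALL TABLES IN SCHEMA %I TO editeur_nw', s.nspname);`, which would also be worth applying to the older lines. The context line `GRANT USAGE ON SCHEMA ... TO editeur, viewer` is unchanged, so unless the two new roles inherit from `editeur` their table grants cannot be used. When `_schtype` is NULL or neither `'network'` nor `'events'` the new roles are left fully revoked without any message; an `else RAISE EXCEPTION 'unknown schematype %', _schtype;` branch would make that visible. The enclosing `if` that the second `end if;` closes starts outside the hunk, so I cannot tell whether the write grants are limited to the schema named by `schemaname`.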